Re: [EXTERNAL] Rtgdir Last Call review of draft-ietf-rtgwg-policy-model
Yingzhen Qu <yingzhen.ietf@gmail.com> Fri, 30 July 2021 05:48 UTC
Return-Path: <yingzhen.ietf@gmail.com>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2019A3A1CDD; Thu, 29 Jul 2021 22:48:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7uTVMB2K1gfo; Thu, 29 Jul 2021 22:48:47 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 032213A1CDB; Thu, 29 Jul 2021 22:48:46 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id mz5-20020a17090b3785b0290176ecf64922so19180383pjb.3; Thu, 29 Jul 2021 22:48:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=WroXq1689o5cbO7lI48IVxlQOMy9KW6ArY9TAvGDBp8=; b=AM1/D/bEj4BjiTHJ8gD9URZ025xtbLZVMsMwZUmH2OseT6v4p+1e3bQMTfwpl2HyJ1 WLrhKq4JjTtrnbc4lJAe64Ocj31wiizex1tkuCBovoe9+yeQteAbV592sDtSIGqcOFRQ owtiqtFGWff+v8Zqk0pgZfYlBDTpwRo2+qv9CSLJog36AvOTUfzjmxQfaNVOSrX20uGp j7Feb03cA1/NTXuFKbtFV/lygI1ipxpK1WoyMTl5x1roB+rT0PNTYLcMXRwzcwBzcvD0 cKMEYtQCezOsFhSeJ0AsSdOjk4hIhNS4iSin7CdgnVBZ2mCYlE0VSqb8EwRTThy7SEvg RXbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=WroXq1689o5cbO7lI48IVxlQOMy9KW6ArY9TAvGDBp8=; b=RiT2CSAhxShXw9U0f/3eG4YcTSd9rTM1lCyi2MwXC1aJ1ibpBX0mBGqTA2qQ0z3OO/ mWYua8xN5Kc+ZhuyXJORcdoTN15PVifgBvIEeUu0vvMvhU3DJv+TbFTzjqmyVrnAL7hY 0q1ttXqzsPX5vf/P2S3jz/l44+izbziQQ1jZ0ncmBr52iLczq9WTJ6omuvVk99rrVa1V YH67JPdD9o9lwVhH3TvNUfbftCLkKxNdxsM/k6chmEFbv8wWqPQDOKPEM2jfCy9KR8az bytFAh3/8RcDxDUbcJJqG0pDkVy6En30kZ+P4c9q4r1kjaniAfDFEW9K1yZ3f9ND8C0J 0eug==
X-Gm-Message-State: AOAM532UZ/RSB3BU2n6wOs8I1uDyr4n24MDkgClQPDc90XNLx2GkucMD lxn59zcuK+ss90Z8ZyR+uw==
X-Google-Smtp-Source: ABdhPJy7QrWUy6O6dhqp703Uo4GbFP0ACnEBrg7neEMbH52Fp/KqqeBoNWvuyleKBbqhtkSG+aYw8g==
X-Received: by 2002:a17:902:ecca:b029:12c:3c9:3d96 with SMTP id a10-20020a170902eccab029012c03c93d96mr1129088plh.13.1627624125417; Thu, 29 Jul 2021 22:48:45 -0700 (PDT)
Received: from ?IPv6:2601:646:9702:c61:4005:25b2:7c99:54fc? ([2601:646:9702:c61:4005:25b2:7c99:54fc]) by smtp.gmail.com with ESMTPSA id j12sm707222pfj.208.2021.07.29.22.48.44 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Jul 2021 22:48:45 -0700 (PDT)
From: Yingzhen Qu <yingzhen.ietf@gmail.com>
Message-Id: <3DD26365-E0AB-4C97-A1EA-249DBE4FB713@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6E15A621-35F2-4015-9385-46DEF0058F9D"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\))
Subject: Re: [EXTERNAL] Rtgdir Last Call review of draft-ietf-rtgwg-policy-model
Date: Thu, 29 Jul 2021 22:48:43 -0700
In-Reply-To: <AM7PR83MB0449A29CF92619F0BE68A342A3E19@AM7PR83MB0449.EURPRD83.prod.outlook.com>
Cc: "rtg-ads@ietf.org" <rtg-ads@ietf.org>, "draft-ietf-rtgwg-policy-model.all@ietf.org" <draft-ietf-rtgwg-policy-model.all@ietf.org>, "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
To: Jon Hardwick <jonhardwick@microsoft.com>
References: <DBAPR83MB045519A0508729F01EE43576A3059@DBAPR83MB0455.EURPRD83.prod.outlook.com> <88D465F6-19F6-48C3-AA16-C25B49F89C28@gmail.com> <AM7PR83MB0449A29CF92619F0BE68A342A3E19@AM7PR83MB0449.EURPRD83.prod.outlook.com>
X-Mailer: Apple Mail (2.3654.40.0.2.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/o30H3esyX6LMCqt3GOlhI7g_BtM>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 05:48:52 -0000
Hi Jon, Thanks for the comments. Please see my answers below. Thanks, Yingzhen > On Jul 19, 2021, at 3:53 AM, Jon Hardwick <jonhardwick@microsoft.com> wrote: > > Hi Yingzhen > > Sorry for the delay in replying. I’d like to discuss a couple of points – please see [Jon] below… > > Cheers > Jon > > > From: Yingzhen Qu <yingzhen.ietf@gmail.com <mailto:yingzhen.ietf@gmail.com>> > Sent: 29 June 2021 21:54 > To: Jon Hardwick <jonhardwick@microsoft.com <mailto:jonhardwick@microsoft.com>> > Cc: rtg-ads@ietf.org <mailto:rtg-ads@ietf.org>; draft-ietf-rtgwg-policy-model.all@ietf.org <mailto:draft-ietf-rtgwg-policy-model.all@ietf.org>; rtgdir@ietf.org <mailto:rtgdir@ietf.org>; rtgwg@ietf.org <mailto:rtgwg@ietf.org> > Subject: [EXTERNAL] Re: Rtgdir Last Call review of draft-ietf-rtgwg-policy-model > > Hi Jon, > > Thanks for the review. Please see my answers inline. > > Thanks, > Yingzhen > > > On Jun 26, 2021, at 3:32 AM, Jon Hardwick <jonhardwick@microsoft.com <mailto:jonhardwick@microsoft.com>> wrote: > > I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please seehttp://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir <https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftrac.tools.ietf.org%2Farea%2Frtg%2Ftrac%2Fwiki%2FRtgDir&data=04%7C01%7Cjonhardwick%40microsoft.com%7Ca0bc7d462cb04c5b9b8c08d93b4017be%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637605969366145175%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=125uhU%2BTkuy9ob8mjpThRjDX48MaRmzxg%2B0Q%2FTaKgZ0%3D&reserved=0>. > > Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft. > > Document: draft-ietf-rtgwg-policy-model-29 > Reviewer: Jon Hardwick > Review Date: Jun 26th, 2021 > Intended Status: Standards Track > > Summary: > This document provides a foundational framework for the definition of routing protocol policies regarding the filtering in / out of routes when they are imported / exported between routing protocol neighbors and/or routing protocols and the RIB. Its purpose is to provide a framework which can be augmented by routing protocols in their policy YANG modules. I think that the document meets its goal very well. > > The document is in good shape. It's clear, well-defined in its scope and easy to read. I have a few minor concerns that I would like to see addressed before publication. > > Minor Comments: > > Section 4.2 > Why no match-set-options for neighbor-set? Is there no application for differentiating between "any of these neighbors" and "none of these neighbors"? > > You can only match on a single interface. Why is that? Was there no use case for any ANY / INVERT match on a set of interfaces? I am thinking of multihoming use cases. > > [Yingzhen]: Typically you can apply a route-policy or route-map to an interface or a neighbor, plus you can configure multiple route policies. I didn’t get your multihoming example, would you please elaborate? And why the current module doesn’t work? > [Jon]: I Am Not An Operator so I don’t have a real use case, but this is more of a question / thought experiment about how it will be used. It could be that I’ve misunderstood how this would be done in your model so please explain if I’ve got this wrong. Say I am configuring an L3VPN for a customer who will be multi-homed into my router over two interfaces (or more) and that I want to apply the same policy to all those interfaces. In a “traditional” CLI I might create a route map and then configure a reference to that route map on each interface. In this YANG model it looks like I must configure two identical policy statements, one matching on interface A and the other matching on interface B, because I have no ability to configure “match on either interface A or interface B”. The difference with the route map seems to be that I’ve had to configure the same policy statement twice. > Perhaps this example might be solved by matching on a neighbor-set or on a VRF instead. I was just surprised not to see an equivalent interface-set. > [Yingzhen]: For your example, you can config, for example one prefix-set (route-map), then reference this prefix-set (route-map) in two policy statements in the “statement” list (apply to two interfaces). We didn’t have an option for interface matching because we didn’t think it’s used as much as tag matching, and it can be done using multiple policy statements in the list. > "Comparison conditions may similarly use options…" - what do you mean by a "comparison condition"? The term is not used elsewhere in the document. > > [Yingzhen]: This is not really a term. It simply meant how to compare or the conditions to compare. I’d suggest we leave this to RFC editor. > [Jon] It’s just that it sounds like it means something specific. The text says “Match conditions may be further modified… Comparison conditions may further use…” and this makes me wonder what the difference is between a match condition and a comparison condition. If I had to take a guess, it sounds like “match condition” refers to comparing against a set of values whereas “comparison condition” refers to comparing against a single scalar value. The basic conditions defined in this base model appear to only use set comparisons, but you are saying that other models can augment this with single scalar value comparisons, in which case those models can also define “less than, greater than” etc. options to control the match, although those types of option are not defined here in the base model. Is that right? In which case, I wonder if it is even worth saying / explaining, or perhaps removing this sentence and leaving it to the augmenting models to define what they want? [Yingzhen]: Currently there are “match-set-options-group” and “match-set-options-restricted-group” defined in the module. Models that augments this policy model can use either of these or have their own definitions. If you think this is not clear, please let me know. > > [Jon]: Actually I have spotted another comment I want to make. In “grouping neighbor-set-condition” the description says “Match a referenced neighbor set according to the logic defined in the match-set-options-leaf” but there is no such leaf in this grouping. Should there be, or is the description wrong? [Yingzhen]: thanks for catching this. It was copy&paste error, now fixed. > > [Jon]: One more nit – the description for “grouping tag-set-condition” refers to the “match-options-set leaf” – it should be “match-set-options leaf”. [Yingzhen]: fixed. > Section 5 > "If the conditions are not satisfied, then evaluation proceeds to the > next policy statement" > > I think that evaluation also proceeds to the next policy statement if the conditions were satisfied, but the actions did not include either accept-route or reject-route. Is that correct? I think it would be worth making that explicit. > > [Yingzhen]: This is included in the first paragraph of section 5. Please let us know if you think it’s not clear. > [Jon] Yes, on re-reading it, I think it’s fine as written. > > > Section 7.2 > p21: > description > "Mask length range lower bound. It MUST NOT be less than > the prefix length defined in ip-prefix."; > > Why must it not be? And is there a situation in which it makes sense to allow it to be greater than the prefix length defined in ip-prefix? Should there be a "must" clause to police this constraint? > > [Yingzhen]: Here are a couple of prefix-list config examples. The “MUST NOT” might be a bit strong in the description, but I suppose most implementations would reject it if you config it less than the prefix length. > Router(config)# ip prefix-list MYLIST 10.1.1.0/24 le 30 > Router(config)# ip prefix-list MYLIST 10.1.1.0/24 ge 26 le 30 > > [Jon]: This is fine – I retract the comment (not sure what I was thinking now!). > > > p29: > description > "Policy statements group conditions and actions > within a policy definition. They are evaluated in > the order specified (see the description of policy > evaluation at the top of this module."; > > Missing close-parenthesis in this description. > > [Yingzhen]: thank you for catching this. I’ve noted it down, will fix it in the next version. > > > Best regards > Jon >
- Rtgdir Last Call review of draft-ietf-rtgwg-polic… Jon Hardwick
- Re: Rtgdir Last Call review of draft-ietf-rtgwg-p… Yingzhen Qu
- RE: [EXTERNAL] Re: Rtgdir Last Call review of dra… Jon Hardwick
- Re: [EXTERNAL] Rtgdir Last Call review of draft-i… Yingzhen Qu